CVE-2008-4217Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple MAC OS X

CWE-1893 documents3 sources
Severity
9.3CRITICALNVD
EPSS
5.3%
top 9.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MAC OS XApple MAC OS X Server
Timeline
PublishedDec 17
Latest updateMay 2

Description

Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDapple/mac_os_x10.5.5+6
NVDapple/mac_os_x_server10.5.5+6

🔴Vulnerability Details

2
GHSA
GHSA-cjrf-3f4f-xp9j: Integer signedness error in BOM in Apple Mac OS X before 102022-05-02
CVEList
CVE-2008-4217: Integer signedness error in BOM in Apple Mac OS X before 102008-12-17
CVE-2008-4217 — Apple MAC OS X vulnerability | cvebase